[CentOS] Strange TCP ports phenomena
Scot L. Harris
webid at cfl.rr.com
Wed Aug 17 20:53:28 UTC 2005
On Wed, 2005-08-17 at 16:38, Dominik Składanowski wrote:
> >>>>>Sounds like exactly what you're seeing, I know our watchguard firebox proxies FTP connections so it looks like every box has FTP installed even if they don't.
> >>>
> >>>
> >>>>>Do you have a router/firewall in front of your server? If you are using
> >>>>>something like http://www.grc.com to scan from the Internet you are
> >>>>>probably getting a response from the router/firewall in front of your
> >>>>>server not from the server itself.
> >>>
> >>>
> >>>
> >>>>Few days ago I had another server on the same IP (it's IP for tests
> >>>>before production place), which was FTP server. So maybe that's a reason?
> >>>
> >>>
> >>>If the current server does not have those ports open they should show as
> >>>closed or stealthed. I believe that you have a device providing NAT in
> >>>front of your machine and it has that port open for some reason.
> >>>
> >>>Is that at an ISP or a home network?
> >>
> >>There is no any NAT in the front of this machine. Besides it has public IP.
> >
> >
> > What does netstat -l show?
>
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State
> tcp 0 0 *:imaps *:*
> LISTEN
> tcp 0 0 *:pop3s *:*
> LISTEN
> tcp 0 0 server.domain.pl:10024 *:*
Does not appear you have ftp open on this machine. I still think you
have some kind of router or device in front of your system that has that
port open.
More information about the CentOS
mailing list